Linux falls off DMZ

We are totally baffled by a problem we have been having ... here is
what is happening ...

- We have a Dell PowerEdge 650 running Redhat Linux 7.3
- And a CISCO firewall

That's the only standard I can say ... OK ... now after about 15
minutes the computer just disappears from beyond the firewall. But
from within the network in the firewall, it is just fine. After is
drops, the server can still be pinged from within the firewall AND
once the server is SSHed to from a "nearby" machine, it immediately
pops back up online outside the firewall without difficulty.

Here is what we have used to debug:
1) Is it the network card dropping?
- initally the Dell came with an Intel Pro 1000MT Dual Card ... so we
replaced it with another Intel Pro 1000MT Dual Card ... same problem
.... so we replaced it again with a D-Link 10/100 card ... problem
still occurs ... THUS it isn't NIC card related

2) Is it Dell PowerEdge related?
- we replaced the PowerEdge with a dual boot (Win 98, Linux 7.3) Dell
Optiplex GX100. In Linux the problem still occurs ... it falls off the
network if communication thru the firewall doesn't occur. THUS it
isn't the physical server.

3) Is the Linux install bad?
- we reinstalled Redhat 7.3, no luck ... we installed 9.0, no luck
.... we installed 8.0, no luck ... we reinstalled 7.3, still no luck
.... THUS it isn't Linux 7.3 causing the problem

4) Is the OS the problem?
- obviously Redhat 7.3 is giving problems, so we tried Windows ... NO
PROBLEM ... we brought in a Mac too ... NO problem ... AH HA ... it
has something to do with Linux.

5) Is the problem a network cable ... nope

6) Does the problem occur outside the firewall?
- we moved our server to outside the firewall ... and ran it in RH
Linux 7.3 ... NO PROBLEMS ... the server runs perfectly outside the
firewall

7) We contacted CISCO and they suggested checking ARP tables ... no
problem, our server is still there

8) We even tried moving the server directly next to the firewall
physically ... no luck

9) All the basics too ... new cables have been tried, new switches
have been tried, new IP addresses and domains have been tried.

THE ONLY solution we have found is to ping the box from an "outside
the firewall" box every 30 seconds or so ... this keeps it up and
running wihtout difficulty ... but it is only a semi-solution, we
would like it to just run without problem.

Any ideas?
Rick

On Mon, 12 Apr 2004 09:38:34 -0500, Rick Wezowicz wrote:

> We are totally baffled by a problem we have been having ... here is what
> is happening ...
>
> - We have a Dell PowerEdge 650 running Redhat Linux 7.3 - And a CISCO
> firewall
>
> That's the only standard I can say ... OK ... now after about 15 minutes
> the computer just disappears from beyond the firewall. But from within
> the network in the firewall, it is just fine. After is drops, the server
> can still be pinged from within the firewall AND once the server is
> SSHed to from a "nearby" machine, it immediately pops back up online
> outside the firewall without difficulty.
>
> Here is what we have used to debug:
> 1) Is it the network card dropping?
> - initally the Dell came with an Intel Pro 1000MT Dual Card ... so we
> replaced it with another Intel Pro 1000MT Dual Card ... same problem ...
> so we replaced it again with a D-Link 10/100 card ... problem still
> occurs ... THUS it isn't NIC card related
>
> 2) Is it Dell PowerEdge related?
> - we replaced the PowerEdge with a dual boot (Win 98, Linux 7.3) Dell
> Optiplex GX100. In Linux the problem still occurs ... it falls off the
> network if communication thru the firewall doesn't occur. THUS it isn't
> the physical server.
>
> 3) Is the Linux install bad?
> - we reinstalled Redhat 7.3, no luck ... we installed 9.0, no luck
> ... we installed 8.0, no luck ... we reinstalled 7.3, still no luck ...
> THUS it isn't Linux 7.3 causing the problem
>
> 4) Is the OS the problem?
> - obviously Redhat 7.3 is giving problems, so we tried Windows ... NO
> PROBLEM ... we brought in a Mac too ... NO problem ... AH HA ... it has
> something to do with Linux.
>
> 5) Is the problem a network cable ... nope
>
> 6) Does the problem occur outside the firewall?
> - we moved our server to outside the firewall ... and ran it in RH
> Linux 7.3 ... NO PROBLEMS ... the server runs perfectly outside the
> firewall
>
> 7) We contacted CISCO and they suggested checking ARP tables ... no
> problem, our server is still there
>
> 8) We even tried moving the server directly next to the firewall
> physically ... no luck
>
> 9) All the basics too ... new cables have been tried, new switches have
> been tried, new IP addresses and domains have been tried.
>
> THE ONLY solution we have found is to ping the box from an "outside the
> firewall" box every 30 seconds or so ... this keeps it up and running
> wihtout difficulty ... but it is only a semi-solution, we would like it
> to just run without problem.
>
> Any ideas?
> Rick

I am not sure I understand what you mean by "disappear". When it does
this can the pix ping the host? Can the RH box ping the pix? What does
your nat config look like (show nat, show static)?

Rik Bain

Rick Wezowicz wrote:
> We are totally baffled by a problem we have been having ... here is
> what is happening ...
>
> - We have a Dell PowerEdge 650 running Redhat Linux 7.3
> - And a CISCO firewall
>
> That's the only standard I can say ... OK ... now after about 15
> minutes the computer just disappears from beyond the firewall. But
> from within the network in the firewall, it is just fine. After is
> drops, the server can still be pinged from within the firewall AND
> once the server is SSHed to from a "nearby" machine, it immediately
> pops back up online outside the firewall without difficulty.
>
> Here is what we have used to debug:
> 1) Is it the network card dropping?
> - initally the Dell came with an Intel Pro 1000MT Dual Card ... so we
> replaced it with another Intel Pro 1000MT Dual Card ... same problem
> ... so we replaced it again with a D-Link 10/100 card ... problem
> still occurs ... THUS it isn't NIC card related
>
> 2) Is it Dell PowerEdge related?
> - we replaced the PowerEdge with a dual boot (Win 98, Linux 7.3) Dell
> Optiplex GX100. In Linux the problem still occurs ... it falls off the
> network if communication thru the firewall doesn't occur. THUS it
> isn't the physical server.
>
> 3) Is the Linux install bad?
> - we reinstalled Redhat 7.3, no luck ... we installed 9.0, no luck
> ... we installed 8.0, no luck ... we reinstalled 7.3, still no luck
> ... THUS it isn't Linux 7.3 causing the problem
>
> 4) Is the OS the problem?
> - obviously Redhat 7.3 is giving problems, so we tried Windows ... NO
> PROBLEM ... we brought in a Mac too ... NO problem ... AH HA ... it
> has something to do with Linux.
>
> 5) Is the problem a network cable ... nope
>
> 6) Does the problem occur outside the firewall?
> - we moved our server to outside the firewall ... and ran it in RH
> Linux 7.3 ... NO PROBLEMS ... the server runs perfectly outside the
> firewall
>
> 7) We contacted CISCO and they suggested checking ARP tables ... no
> problem, our server is still there
>
> 8) We even tried moving the server directly next to the firewall
> physically ... no luck
>
> 9) All the basics too ... new cables have been tried, new switches
> have been tried, new IP addresses and domains have been tried.
>
> THE ONLY solution we have found is to ping the box from an "outside
> the firewall" box every 30 seconds or so ... this keeps it up and
> running wihtout difficulty ... but it is only a semi-solution, we
> would like it to just run without problem.
>
> Any ideas?
> Rick

Hello Rick A few basics:

netstat -nr <will show you your routing
table on your linux system>

ifconfig -a <will show you your ethernet
interfaces and how they are configured>

ethereal is the most robust sniffer you
can have. Find a machine and install it.
Ethereal will sniff your ethernet I/O
on on your linux system. Frequently, I
install 10mbps flat hubs between
machines to sniff (analyze) data traffic.

Is the machine a web servers? What the
topology, i.e. the connection between
the RH system and the cisco router?

keepalive can be used on the cisco's
ethernet interface as well as 'ip route
cache'.

If you can ping (see) the linux system
from other machines, it's up on the
network. You may be passing 'bad routes'
to the linux system, and not be aware
of it. What routing software/deamons are
your running (if any) on the RH machine?

If this machine is in your DMZ, are your
other DMZ machines seen by the outside
internet?

More specifics are useful. Here is my
BEST suggestion,

RUN, not walk to Debian from RedHat.
You'll find LOTS more support....
Besides, RH is dying. As a server only
product now. Debian is easy to install,
upgrade, and get support on.


James

(E-Mail Removed) (Rick Wezowicz) wrote in message news:<(E-Mail Removed). com>...
> We are totally baffled by a problem we have been having ... here is
> what is happening ...
>
> - We have a Dell PowerEdge 650 running Redhat Linux 7.3
> - And a CISCO firewall
>
> That's the only standard I can say ... OK ... now after about 15
> minutes the computer just disappears from beyond the firewall. But
> from within the network in the firewall, it is just fine. After is
> drops, the server can still be pinged from within the firewall AND
> once the server is SSHed to from a "nearby" machine, it immediately
> pops back up online outside the firewall without difficulty.
>
> Here is what we have used to debug:
> 1) Is it the network card dropping?
> - initally the Dell came with an Intel Pro 1000MT Dual Card ... so we
> replaced it with another Intel Pro 1000MT Dual Card ... same problem
> ... so we replaced it again with a D-Link 10/100 card ... problem
> still occurs ... THUS it isn't NIC card related
>
> 2) Is it Dell PowerEdge related?
> - we replaced the PowerEdge with a dual boot (Win 98, Linux 7.3) Dell
> Optiplex GX100. In Linux the problem still occurs ... it falls off the
> network if communication thru the firewall doesn't occur. THUS it
> isn't the physical server.
>
> 3) Is the Linux install bad?
> - we reinstalled Redhat 7.3, no luck ... we installed 9.0, no luck
> ... we installed 8.0, no luck ... we reinstalled 7.3, still no luck
> ... THUS it isn't Linux 7.3 causing the problem
>
> 4) Is the OS the problem?
> - obviously Redhat 7.3 is giving problems, so we tried Windows ... NO
> PROBLEM ... we brought in a Mac too ... NO problem ... AH HA ... it
> has something to do with Linux.
>
> 5) Is the problem a network cable ... nope
>
> 6) Does the problem occur outside the firewall?
> - we moved our server to outside the firewall ... and ran it in RH
> Linux 7.3 ... NO PROBLEMS ... the server runs perfectly outside the
> firewall
>
> 7) We contacted CISCO and they suggested checking ARP tables ... no
> problem, our server is still there
>
> 8) We even tried moving the server directly next to the firewall
> physically ... no luck
>
> 9) All the basics too ... new cables have been tried, new switches
> have been tried, new IP addresses and domains have been tried.
>
> THE ONLY solution we have found is to ping the box from an "outside
> the firewall" box every 30 seconds or so ... this keeps it up and
> running wihtout difficulty ... but it is only a semi-solution, we
> would like it to just run without problem.
>
> Any ideas?
> Rick

Try disable proxy arp on the Internal leg of the pix
(the sysopt noproxyarp inside_interface).